name: Preview (build)
on:
  pull_request:
    types: [opened, synchronize, reopened, closed]
    paths-ignore:
      - '.changeset/**'
      - 'contrib/**'
      - 'docs/**'
      - 'microsite/**'
      - 'beps/**'
      - 'scripts/**'
      - 'storybook/**'
      - '**/*.test.*'
      - '**/package.json'
      - '*.md'

jobs:
  build-backstage:
    env:
      NODE_OPTIONS: --max-old-space-size=4096
      UFFIZZI_URL: https://app.uffizzi.com
    name: Build PR image
    runs-on: ubuntu-latest
    if: ${{ github.event_name != 'pull_request' || github.event.action != 'closed' }}
    outputs:
      tags: ${{ steps.meta.outputs.tags }}
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
        with:
          egress-policy: audit

      - name: checkout
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

      - name: setup-node
        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
        with:
          node-version: 18.x
          registry-url: https://registry.npmjs.org/

      - name: yarn install
        uses: backstage/actions/yarn-install@a674369920067381b450d398b27df7039b7ef635 # v0.6.5
        with:
          cache-prefix: linux-v18

      - name: Use Uffizzi's backstage app config
        run: |
          cp -f ./.github/uffizzi/uffizzi.production.app-config.yaml ./app-config.yaml

      - name: backstage build
        run: |
          yarn workspace example-backend build

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0

      - name: Generate UUID image name
        id: uuid
        run: echo "UUID_TAG_APP=backstage-$(uuidgen --time)" >> $GITHUB_ENV

      - name: Docker metadata
        id: meta
        uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
        with:
          images: registry.uffizzi.com/${{ env.UUID_TAG_APP }}
          tags: type=raw,value=60d

      - name: Build Image
        uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
        with:
          context: .
          file: packages/backend/Dockerfile
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          push: true
          cache-from: type=gha
          cache-to: type=gha,mode=max

  render-kustomize:
    name: Render Kustomize Manifests
    runs-on: ubuntu-latest
    needs:
      - build-backstage
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
        with:
          egress-policy: audit

      - name: Checkout git repo
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
      - name: Render Compose File
        run: |
          # update image after the build above
          cd ./.github/uffizzi/k8s/manifests
          kustomize edit set image backstage=${{ needs.build-backstage.outputs.tags }}
          kustomize build . > manifests.rendered.yml
          cat manifests.rendered.yml
      - name: Upload Rendered Manifests File as Artifact
        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3
        with:
          name: preview-spec
          path: ./.github/uffizzi/k8s/manifests/manifests.rendered.yml
          retention-days: 2
      - name: Upload PR Event as Artifact
        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
        with:
          name: preview-spec
          path: ${{ github.event_path }}
          retention-days: 2

  delete-preview:
    name: Call for Preview Deletion
    runs-on: ubuntu-latest
    if: ${{ github.event.action == 'closed' }}
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
        with:
          egress-policy: audit

      # If this PR is closing, we will not render a compose file nor pass it to the next workflow.
      - name: Upload PR Event as Artifact
        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
        with:
          name: preview-spec
          path: ${{ github.event_path }}
          retention-days: 2
